
Microsoft Sentinel - Azure OpenAI Incident Response Playbook (2 years ago)





Microsoft Sentinel - Azure OpenAI Incident Response Playbook

Use case description. The following use case describes an incident trigger in Microsoft Sentinel, where a comment is added to the incident to explain the MITRE ATT&CK tactics and techniques used by the attacker, and a task is added to suggest how to investigate the incident. Additionally, it leverages previous tasks to suggest a KQL query.

Incident trigger: The incident trigger is a specific event or condition in Microsoft Sentinel, such as a security alert or a log entry that meets certain criteria. For example, the trigger could fire when a suspicious network connection is detected.

Add comment to incident: Once the incident trigger is activated, a comment is added to the incident to explain the tactics and techniques used by the attacker. This could include information such as the specific malware used or the methods used to evade detection.

Add task to incident: A task is added to the incident to suggest how to investigate the incident. This could include tasks such as collecting additional data, running automated investigations, or taking specific actions to contain or remediate the incident.

Leverage previous task: The outcome of the previous task is used to suggest a KQL query to investigate the incident. The KQL query searches for specific events or log entries in the Microsoft Sentinel data. It can be used to gather more information about the incident and to help identify the cause and scope of the attack.
